Komputer bardzo spowolnił

jaren8 · 14 Marzec 2007 11:50

Proszę o sprawdzenie loga Od pewnego czasu komputer bardzo spowolnił .F-secure wykrył wirusa AdWare.Win32 Virtumonde w katalogu C:\ WINDOWS\system32\rqrqnlj.dll-nie potrafię go usunąć.

W kwarantannie F-secure jest 8620 wpisów.

Proszę o pomoc

Logfile of HijackThis v1.99.1 Scan saved at 11:20:19, on 2007-03-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe D:\F-Secure\Anti-Virus\fsgk32st.exe D:\F-Secure\Anti-Virus\FSGK32.EXE D:\F-Secure\Common\FSMA32.EXE D:\F-Secure\Common\FSMB32.EXE C:\WINDOWS\system32\SLEE81.exe D:\F-Secure\Common\FCH32.EXE C:\WINDOWS\System32\svchost.exe D:\F-Secure\Anti-Virus\fsqh.exe D:\F-Secure\Common\FAMEH32.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\Rundll32.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe D:\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe D:\F-Secure\Anti-Virus\fssm32.exe D:\F-Secure\FSAUA\program\fsaua.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe D:\F-Secure\FSAUA\program\fsus.exe D:\F-Secure\Anti-Virus\fsav32.exe D:\F-Secure\FSGUI\fsguidll.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [Odkurzacz-MCD] F:\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [CafeNews] C:\Program Files\Press-Service\CafeNews\CN.exe /autostart O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” O4 - HKLM…\Run: [F-Secure Manager] “D:\F-Secure\Common\FSM32.EXE” /splash O4 - HKLM…\Run: [F-Secure TNB] “D:\F-Secure\FSGUI\TNBUtil.exe” /CHECKALL /WAITFORSW O4 - HKLM…\Run: [2chkdsk] rundll32.exe “C:\WINDOWS\system32\qjecouvi.dll”,setvm O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\Press-Service\CafeNews\addFeed.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: d:\f-secure\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\F-Secure\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - D:\F-Secure\Common\FSMA32.EXE O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe

jaren8@wp.eu

kuz5 · 14 Marzec 2007 14:24

Uwaga: Jak wklejasz loga to obejmuj go znacznikiem (tagiem) CODE lub QUOTE

Proponuje poczytać TEN temat i zobacz jaka jest prośba do userów wklejających loga.

Widziałeś ten komunikat Ważny komunikat dotyczący tytułowania tematów zastosuj sie do niego => inaczej temat poleci do śmietnika :evil:

Wpisy usuń w HijackThis

Plik na czerwono usuń programem Pocket Killbox czyli odpalasz Killboxa zaznacz opcję Delete on Reboot następnie w polu Full Path of File to Delete wklej ścieżke:(z tego co piszesz tobędzie ona wyglądać tak)

C:\WINDOWS\system32** qjecouvi.dll**

następnie program będzie pytał o restart (oczywiście zgadzasz sie)

Jeżeli nadal siedzi usuń go j/w KillBoxem

Po wszystkim wklej dwa nowe logi HijackThis oraz SilentRunners

jaren8 · 14 Marzec 2007 20:06

Pliki na czerwono usunąłem ale w przypadku C:WINDOWS\system32\rqrqnlj.dll pojawia się komunikat:“PendingFileRenamedOperations registry data has been Removed by External Process”

Logfile of HijackThis v1.99.1 Scan saved at 20:36:47, on 2007-03-14 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\SLEE81.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\mozilla.org\Mozilla\mozilla.exe D:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [Odkurzacz-MCD] F:\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [CafeNews] C:\Program Files\Press-Service\CafeNews\CN.exe /autostart O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\Press-Service\CafeNews\addFeed.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{D5921F1F-DD34-4EA0-9479-1F1927C7BE30}: NameServer = 194.204.159.1 217.98.63.164 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “BitTorrent” = ““C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized” [null data] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u” “PCSuiteTrayApplication” = “C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”] “DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “autoclk” = “autoclk.exe” [file not found] “adiras” = “adiras.exe” [file not found] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\Program Files\Neostrada TP\taskbaricon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “Odkurzacz-MCD” = “F:\Odkurzacz 10.1 Pro\odk_mcd.exe” [file not found] “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS] “P17Helper” = “Rundll32 P17.dll,P17Helper” [MS] “CafeNews” = “C:\Program Files\Press-Service\CafeNews\CN.exe /autostart” [“PRESS-SERVICE Monitoring Mediów http://www.press-service.com.pl, Multimedia Cafe http://www.mmcafe.pl”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] {93498FF1-49D7-4C9A-B40B-5B0102F92C5C}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\mllji.dll” [null data] {CFECD983-E63D-4141-A366-45D59AE566D3}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\bfqthofd.dll” [null data] {D38439EC-4A7F-42b4-90C2-D810D7778FDD}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\egwepsud.dll” [file not found] {EF7C999D-43DD-43C3-A25B-2DB1A881664A}(Default) = (no title provided) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\rqrqnlj.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}” = “ZipGenius Shell Extension” -> {HKLM…CLSID} = “ZipGenius 5 Zip Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\contmenu.dll” [null data] “{2E5AC2E0-406D-11D4-86B3-FA5861508E25}” = “ZipGenius Zip InfoTip” -> {HKLM…CLSID} = “ZipGenius 5 Zip InfoTip” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\zgtips.dll” [null data] “{310A0C95-EA11-42AE-A8E4-53E69E650310}” = “ZipGenius Zip Drop handler” -> {HKLM…CLSID} = “ZipGenius Drag and Drop handler” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL” [null data] “{FE8D01BF-610A-4261-9C6E-32D65A42C907}” = “ZipGenius Drag and Drop handler” -> {HKLM…CLSID} = “Delphi Context Menu Shell Extension Example” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL” [“M.Dev Software”] “{00000000-5736-4205-0100-1967b1b2ce60}” = “Steganos Security Suite 7 Special Edition” -> {HKLM…CLSID} = “Steganos Security Suite 7 Special Edition” \InProcServer32(Default) = “c:\program files\steganos security suite 7 se\sssse7se.dll” [null data] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\OpenOffice.org1.1.0\program\shlxthdl.dll” [“Sun Microsystems, Inc.”] “{40950107-FEA6-4d53-A65F-B2DCBA57DD58}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View” -> {HKLM…CLSID} = “Contact View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll” [“Nokia”] “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View” -> {HKLM…CLSID} = “Message View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll” [“Nokia”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WINDOW~4\MpShHook.dll” [MS] <> “{EF7C999D-43DD-43C3-A25B-2DB1A881664A}” = “*g” (unwritable string) -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\WINDOWS\system32\rqrqnlj.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <> mllji\DLLName = “C:\WINDOWS\system32\mllji.dll” [null data] <> rqrqnlj\DLLName = “rqrqnlj.dll” [null data] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Steganos Security Suite 7 Special Edition(Default) = “{00000000-5736-4205-0100-1967b1b2ce60}” -> {HKLM…CLSID} = “Steganos Security Suite 7 Special Edition” \InProcServer32(Default) = “c:\program files\steganos security suite 7 se\sssse7se.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] ZipGenius 5(Default) = “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}” -> {HKLM…CLSID} = “ZipGenius 5 Zip Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\contmenu.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ Steganos Security Suite 7 Special Edition(Default) = “{00000000-5736-4205-0100-1967b1b2ce60}” -> {HKLM…CLSID} = “Steganos Security Suite 7 Special Edition” \InProcServer32(Default) = “c:\program files\steganos security suite 7 se\sssse7se.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] ZipGenius 5(Default) = “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}” -> {HKLM…CLSID} = “ZipGenius 5 Zip Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\contmenu.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\JAREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “JAREK” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\JAREK\Menu Start\Programy\Autostart “OpenOffice.org 1.1.0” -> shortcut to: “C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe” [null data] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Enabled Scheduled Tasks: ------------------------ “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\ “ButtonText” = “eBay - Homepage” “CLSIDExtension” = “{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}” -> {HKLM…CLSID} = “Toolbar Extension for Executable” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [MS] “Exec” = “C:\Program Files\IrfanView\Ebay\Ebay.htm” [null data] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Steganos Live Encryption Engine 8.1 [service], SLEE_81_SERVICE, “C:\WINDOWS\system32\SLEE81.exe” [null data] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 23 seconds. ---------- (total run time: 71 seconds)

nie wiem czy dobrze powklejałem bo żeby zaznaczyć tekst trzeba czekac ok.30 s na przewinięcie

adam9870 · 14 Marzec 2007 20:12

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

C:\WINDOWS\system32\mllji.dll

C:\WINDOWS\system32\bfqthofd.dll

C:\WINDOWS\system32\rqrqnlj.dll

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Otwórz Notatnik i wklej w nim to:

Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{93498FF1-49D7-4C9A-B40B-5B0102F92C5C}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{CFECD983-E63D-4141-A366-45D59AE566D3}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D38439EC-4A7F-42b4-90C2-D810D7778FDD}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{EF7C999D-43DD-43C3-A25B-2DB1A881664A}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] “{EF7C999D-43DD-43C3-A25B-2DB1A881664A}”=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mllji] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqrqnlj]

Plik >>> Zapisz jako >>> Zmień rozszerzenie z TXT na Wszystkie pliki >>> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.

Użyj VundoFix + FixVundo + VirtumundoBeGone. Wszystkie narzędzia należy uruchomić będąc w trybie awaryjnym.

Po wykonaniu pokaż nowy log z hjt, SilentRunners + log numer 1 z L2Mfix.

jaren8 · 14 Marzec 2007 20:34

adamie9870 znowu komunikat- PendingFileRenamedOperations registry data has been Removed by External Process.

adam9870 · 14 Marzec 2007 20:37

Nie przejmuj się nim tylko przejdź do wykonywania dalszych czynności.

jaren8 · 14 Marzec 2007 22:49

“Silent Runners.vbs”, revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by “{++}” Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “CTFMON.EXE” = “C:\WINDOWS\system32\ctfmon.exe” [MS] “MSMSGS” = ““C:\Program Files\Messenger\msmsgs.exe” /background” [MS] “Skype” = ““C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized” [“Skype Technologies S.A.”] “BitTorrent” = ““C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized” [null data] “Gadu-Gadu” = ““C:\Program Files\Gadu-Gadu\gg.exe” /tray” [“Gadu-Gadu S.A.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} “SoundMan” = “SOUNDMAN.EXE” [“Realtek Semiconductor Corp.”] “KernelFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -k” “UserFaultCheck” = “C:\WINDOWS\system32\dumprep 0 -u” “PCSuiteTrayApplication” = “C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray” [“Nokia”] “DataLayer” = “C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [“Nokia Mobile Phones Ltd.”] “WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [empty string] “autoclk” = “autoclk.exe” [file not found] “adiras” = “adiras.exe” [file not found] “WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”] “WOOTASKBARICON” = “C:\Program Files\Neostrada TP\taskbaricon.exe” [“France Télécom R&D”] “avast!” = “C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [null data] “Odkurzacz-MCD” = “F:\Odkurzacz 10.1 Pro\odk_mcd.exe” [file not found] “Windows Defender” = ““C:\Program Files\Windows Defender\MSASCui.exe” -hide” [MS] “Cmaudio” = “RunDll32 cmicnfg.cpl,CMICtrlWnd” [MS] “P17Helper” = “Rundll32 P17.dll,P17Helper” [MS] “CafeNews” = “C:\Program Files\Press-Service\CafeNews\CN.exe /autostart” [“PRESS-SERVICE Monitoring Mediów http://www.press-service.com.pl, Multimedia Cafe http://www.mmcafe.pl”] “SunJavaUpdateSched” = ““C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”” [“Sun Microsystems, Inc.”] “Adobe Photo Downloader” = ““C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”” [“Adobe Systems Incorporated”] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}(Default) = (no title provided) -> {HKLM…CLSID} = “Adobe PDF Reader Link Helper” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll” [“Adobe Systems Incorporated”] {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}(Default) = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided) -> {HKLM…CLSID} = “SSVHelper Class” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Rozszerzenie CPL kadrowania wyświetlania” -> {HKLM…CLSID} = “Rozszerzenie CPL kadrowania wyświetlania” \InProcServer32(Default) = “deskpan.dll” [file not found] “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “Rozszerzenie ikony HyperTerminalu” -> {HKLM…CLSID} = “HyperTerminal Icon Ext” \InProcServer32(Default) = “C:\WINDOWS\System32\hticons.dll” [“Hilgraeve, Inc.”] “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}” = “ZipGenius Shell Extension” -> {HKLM…CLSID} = “ZipGenius 5 Zip Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\contmenu.dll” [null data] “{2E5AC2E0-406D-11D4-86B3-FA5861508E25}” = “ZipGenius Zip InfoTip” -> {HKLM…CLSID} = “ZipGenius 5 Zip InfoTip” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\zgtips.dll” [null data] “{310A0C95-EA11-42AE-A8E4-53E69E650310}” = “ZipGenius Zip Drop handler” -> {HKLM…CLSID} = “ZipGenius Drag and Drop handler” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL” [null data] “{FE8D01BF-610A-4261-9C6E-32D65A42C907}” = “ZipGenius Drag and Drop handler” -> {HKLM…CLSID} = “Delphi Context Menu Shell Extension Example” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\ZGDRAG~1.DLL” [“M.Dev Software”] “{00000000-5736-4205-0100-1967b1b2ce60}” = “Steganos Security Suite 7 Special Edition” -> {HKLM…CLSID} = “Steganos Security Suite 7 Special Edition” \InProcServer32(Default) = “c:\program files\steganos security suite 7 se\sssse7se.dll” [null data] “{63542C48-9552-494A-84F7-73AA6A7C99C1}” = “OpenOffice Property Sheet Handler” -> {HKLM…CLSID} = (no title provided) \InProcServer32(Default) = “C:\Program Files\OpenOffice.org1.1.0\program\shlxthdl.dll” [“Sun Microsystems, Inc.”] “{40950107-FEA6-4d53-A65F-B2DCBA57DD58}” = “Nokia Phone Browser” -> {HKLM…CLSID} = “Nokia Phone Browser” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll” [“Nokia”] “{FBFE7864-D495-41f0-B7DC-4BB601CC295E}” = “Contact View” -> {HKLM…CLSID} = “Contact View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\ContactView.dll” [“Nokia”] “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}” = “Message View” -> {HKLM…CLSID} = “Message View” \InProcServer32(Default) = “C:\Program Files\Nokia\Nokia PC Suite 6\MessageView.dll” [“Nokia”] “{472083B0-C522-11CF-8763-00608CC02F24}” = “avast” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” = “WinRAR shell extension” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}” = “Microsoft AntiMalware ShellExecuteHook” -> {HKLM…CLSID} = “Microsoft AntiMalware ShellExecuteHook” \InProcServer32(Default) = “C:\PROGRA~1\WINDOW~4\MpShHook.dll” [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ “WPDShServiceObj” = “{AAA288BA-9A4C-45B0-95D7-94D524869DB5}” -> {HKLM…CLSID} = “WPDShServiceObj Class” \InProcServer32(Default) = “C:\WINDOWS\system32\WPDShServiceObj.dll” [MS] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}(Default) = “PDF Column Info” -> {HKLM…CLSID} = “PDF Shell Extension” \InProcServer32(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll” [“Adobe Systems, Inc.”] HKLM\Software\Classes*\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] Steganos Security Suite 7 Special Edition(Default) = “{00000000-5736-4205-0100-1967b1b2ce60}” -> {HKLM…CLSID} = “Steganos Security Suite 7 Special Edition” \InProcServer32(Default) = “c:\program files\steganos security suite 7 se\sssse7se.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] ZipGenius 5(Default) = “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}” -> {HKLM…CLSID} = “ZipGenius 5 Zip Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\contmenu.dll” [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ Steganos Security Suite 7 Special Edition(Default) = “{00000000-5736-4205-0100-1967b1b2ce60}” -> {HKLM…CLSID} = “Steganos Security Suite 7 Special Edition” \InProcServer32(Default) = “c:\program files\steganos security suite 7 se\sssse7se.dll” [null data] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] ZipGenius 5(Default) = “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}” -> {HKLM…CLSID} = “ZipGenius 5 Zip Shell Extension” \InProcServer32(Default) = “C:\PROGRA~1\ZIPGEN~1\contmenu.dll” [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast(Default) = “{472083B0-C522-11CF-8763-00608CC02F24}” -> {HKLM…CLSID} = “avast” \InProcServer32(Default) = “C:\Program Files\Alwil Software\Avast4\ashShell.dll” [“ALWIL Software”] WinRAR(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}” -> {HKLM…CLSID} = “WinRAR” \InProcServer32(Default) = “C:\Program Files\WinRAR\rarext.dll” [null data] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ “shutdownwithoutlogon” = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} “undockwithoutlogon” = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ “Wallpaper” = “C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ “Wallpaper” = “C:\Documents and Settings\JAREK\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp” Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ “SCRNSAVE.EXE” = “C:\WINDOWS\System32\logon.scr” [MS] Startup items in “JAREK” & “All Users” startup folders: ------------------------------------------------------- C:\Documents and Settings\JAREK\Menu Start\Programy\Autostart “OpenOffice.org 1.1.0” -> shortcut to: “C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe” [null data] C:\Documents and Settings\All Users\Menu Start\Programy\Autostart “Adobe Reader Speed Launch” -> shortcut to: “C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe” [“Adobe Systems Incorporated”] “DSLMON” -> shortcut to: “C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe /W” [empty string] Enabled Scheduled Tasks: ------------------------ “MP Scheduled Scan” -> launches: “C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges” [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] 000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll” [MS] 000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll” [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 23 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] HKLM\Software\Microsoft\Internet Explorer\Toolbar\ “{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}” = (no title provided) -> {HKLM…CLSID} = “Megaupload Toolbar” \InProcServer32(Default) = “C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL” [“MegaUpload”] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo” Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\audience\audience.dll” [empty string] Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ “MenuText” = “Sun Java Console” “CLSIDExtension” = “{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}” -> {HKCU…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll” [“Sun Microsystems, Inc.”] -> {HKLM…CLSID} = “Java Plug-in 1.5.0_11” \InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll” [“Sun Microsystems, Inc.”] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ “MenuText” = “@xpsp3res.dll,-20001” “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe” [MS] {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}\ “ButtonText” = “eBay - Homepage” “CLSIDExtension” = “{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}” -> {HKLM…CLSID} = “Toolbar Extension for Executable” \InProcServer32(Default) = “C:\WINDOWS\System32\shdocvw.dll” [MS] “Exec” = “C:\Program Files\IrfanView\Ebay\Ebay.htm” [null data] Miscellaneous IE Hijack Points ------------------------------ HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\ <> “{08C06D61-F1F3-4799-86F8-BE1A89362C85}” = (no title provided) -> {HKLM…CLSID} = “Search Class” \InProcServer32(Default) = “C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL” [empty string] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ““C:\Program Files\Alwil Software\Avast4\ashServ.exe”” [null data] avast! iAVS4 Control Service, aswUpdSv, ““C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe”” [null data] avast! Mail Scanner, avast! Mail Scanner, ““C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe” /service” [“ALWIL Software”] avast! Web Scanner, avast! Web Scanner, ““C:\Program Files\Alwil Software\Avast4\ashWebSv.exe” /service” [“ALWIL Software”] Steganos Live Encryption Engine 8.1 [service], SLEE_81_SERVICE, “C:\WINDOWS\system32\SLEE81.exe” [null data] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt08\Driver = “hpzsnt08.dll” [“HP”] ---------- <>: Suspicious data at a malware launch point. <>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 61 seconds. ---------- (total run time: 103 seconds)

jest coraz lepiej

ale nie bardzo wiem jak uruchomić I2mfix

adam9870 · 15 Marzec 2007 12:21

Log czysty.

Poczytaj:

http://cybertrash.pl/images/tata/L2MFIX.html

Ewentualnie zamiast loga z L2mfix pokaż log z ComboScan:

http://www.searchengines.pl/phpbb203/in … opic=86306

jaren8 · 15 Marzec 2007 12:24

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] “Logon”=“WLEventLogon” “Logoff”=“WLEventLogoff” “Startup”=“WLEventStartup” “Shutdown”=“WLEventShutdown” “StartScreenSaver”=“WLEventStartScreenSaver” “StopScreenSaver”=“WLEventStopScreenSaver” “Lock”=“WLEventLock” “Unlock”=“WLEventUnlock” “StartShell”=“WLEventStartShell” “PostShell”=“WLEventPostShell” “Disconnect”=“WLEventDisconnect” “Reconnect”=“WLEventReconnect” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000000 “SafeMode”=dword:00000001 “MaxWait”=dword:ffffffff “DllName”=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Event”=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] “Data”=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,3b,36,8b,27,26,97,e0,41,95,b5,3a,ea,b2,0c,c0,ef,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,c2,13,bb,e4,90,7e,31,22,\ 4e,0f,50,17,c9,ea,a8,76,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,a0,\ c0,c1,e5,dc,41,2b,e9,f8,9a,ea,a2,1f,80,fe,1e,b0,01,00,00,79,81,f6,bc,e8,12,\ 97,f3,eb,af,43,08,bc,e6,65,6c,5e,f4,38,47,75,2d,eb,c4,16,14,38,53,8d,13,c8,\ 34,1e,4e,33,e8,1d,2d,d2,89,68,d9,05,4b,ef,9e,ab,5a,21,58,81,9f,c3,92,e0,b3,\ 3b,7f,2d,09,40,ac,97,ef,d7,bb,e7,56,0f,69,e1,c7,26,58,2f,c2,ab,7a,a2,90,09,\ c3,71,2f,df,82,c2,87,f4,3a,f3,86,36,93,fe,80,15,21,6a,4a,a6,ca,d6,ef,69,e8,\ af,8a,54,60,68,2d,6b,d3,f1,44,95,e1,84,43,28,8d,14,0d,2e,91,d6,88,7f,dd,b1,\ d7,d1,78,49,93,4f,10,e5,4d,86,e5,88,1f,79,a2,bc,03,11,b6,c8,2d,46,c2,3e,9e,\ 28,a8,55,f0,38,76,42,59,08,ab,df,82,49,4d,24,16,3a,d8,e8,a3,2d,94,18,ae,64,\ f5,aa,64,34,31,ce,48,5d,1d,85,23,9b,57,4c,ae,62,fb,12,1c,1c,b7,b7,d8,6b,df,\ 2a,cb,0d,52,d8,93,7e,0f,4a,8b,33,10,ff,b9,f8,38,3a,c9,ac,84,bc,b8,3a,a4,a1,\ f7,8c,7c,0c,68,4e,52,6f,51,e5,35,d7,68,94,f3,a9,73,c6,13,bc,c0,3a,66,0d,ac,\ 65,8c,1a,b9,5c,f3,fb,bd,4c,9e,59,83,05,38,b7,5a,4e,21,9b,96,4e,45,d4,9b,58,\ e6,0d,c6,2f,46,d4,af,27,c3,10,fd,69,b0,a9,50,e9,69,38,bc,72,25,a5,80,18,9b,\ 8d,e6,4c,45,97,31,af,80,12,ac,41,d7,14,5b,a6,cf,07,2c,39,87,d9,1a,11,cf,13,\ 85,b7,6d,85,de,93,d5,48,01,34,1f,48,30,ac,b2,b4,b3,77,05,8d,fc,53,bf,b5,31,\ cc,4e,a2,1f,c7,4a,38,ec,90,cb,92,c2,d6,c6,99,52,46,5d,63,ec,0a,18,d1,02,bd,\ 58,66,b8,2b,60,f9,35,34,3f,31,0a,a0,7f,9d,db,a5,41,51,c8,07,97,45,d1,17,9e,\ 8b,9d,bb,09,37,0b,5e,56,27,91,9a,2c,53,51,f0,81,53,74,60,71,c8,fe,bc,b6,03,\ f7,14,00,00,00,6f,af,35,07,38,e8,c6,57,62,6e,53,b7,76,92,ab,cf,15,24,a7,77 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“IE Search Band” “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“History” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“The Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“ActiveX Cache Folder” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Subscription Folder” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Play as Playlist Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Previous Versions Property Page” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Previous Versions” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{32020A01-506E-484D-A2A8-BE3CF17601C3}”=“AlcoholShellEx” “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}”=“ZipGenius Shell Extension” “{2E5AC2E0-406D-11D4-86B3-FA5861508E25}”=“ZipGenius Zip InfoTip” “{310A0C95-EA11-42AE-A8E4-53E69E650310}”=“ZipGenius Zip Drop handler” “{FE8D01BF-610A-4261-9C6E-32D65A42C907}”=“ZipGenius Drag and Drop handler” “{00000000-5736-4205-0100-1967b1b2ce60}”=“Steganos Security Suite 7 Special Edition” “{63542C48-9552-494A-84F7-73AA6A7C99C1}”=“OpenOffice Property Sheet Handler” “{40950107-FEA6-4d53-A65F-B2DCBA57DD58}”=“Nokia Phone Browser” “{FBFE7864-D495-41f0-B7DC-4BB601CC295E}”=“Contact View” “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}”=“Message View” “{472083B0-C522-11CF-8763-00608CC02F24}”=“avast” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{35786D3C-B075-49b9-88DD-029876E11C01}”=“Portable Devices” “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}”=“Portable Devices Menu” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}”=“IE Microsoft BrowserBand” “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}”=“IE Fade Task” “{205D7A97-F16D-4691-86EF-F3075DCCA57D}”=“IE Menu Desk Bar” “{3028902F-6374-48b2-8DC6-9725E775B926}”=“IE AutoComplete” “{43886CD5-6529-41c4-A707-7B3C92C05E68}”=“IE Navigation Bar” “{44C76ECD-F7FA-411c-9929-1B77BA77F524}”=“IE Menu Site” “{4B78D326-D922-44f9-AF2A-07805C2A3560}”=“IE Menu Band” “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}”=“IE Microsoft History AutoComplete List” “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}”=“IE Tracking Shell Menu” “{6CF48EF8-44CD-45d2-8832-A16EA016311B}”=“IE IShellFolderBand” “{73CFD649-CD48-4fd8-A272-2070EA56526B}”=“IE BandProxy” “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}”=“IE MRU AutoComplete List” “{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}”=“IE RSS Feeder Folder” “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}”=“IE Microsoft Shell Folder AutoComplete List” “{B31C5FAE-961F-415b-BAF0-E697A5178B94}”=“IE Microsoft Multiple AutoComplete List Container” “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}”=“Microsoft Browser Architecture” “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}”=“IE Shell Rebar BandSite” “{E6EE9AAC-F76B-4947-8260-A9F136138E11}”=“IE Shell Band Site Menu” “{F2CF5485-4E02-4f68-819C-B92DE9277049}”="&Links" “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}”=“IE Registry Tree Options Utility” “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}”=“IE User Assist” “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}”=“IE Custom MRU AutoCompleted List” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ advpack.dll Mon 2007-01-08 19:00:48 A… 124 928 122,00 K bassmod.dll Sun 2007-02-11 18:12:46 A… 28 672 28,00 K bfqthofd.dll Wed 2007-03-14 19:18:28 … 132 116 129,02 K corpol.dll Mon 2007-01-08 19:01:14 A… 17 408 17,00 K extmgr.dll Fri 2007-01-12 9:27:42 A… 132 608 129,50 K ff_vfw.dll Tue 2007-01-09 18:46:02 A… 10 752 10,50 K ieakeng.dll Mon 2007-01-08 19:02:02 A… 153 088 149,50 K ieaksie.dll Mon 2007-01-08 19:02:02 A… 230 400 225,00 K ieakui.dll Mon 2007-01-08 19:02:02 A… 161 792 158,00 K ieapfltr.dll Mon 2007-01-08 19:02:02 … 383 488 374,50 K iedkcs32.dll Mon 2007-01-08 19:02:02 A… 384 000 375,00 K ieframe.dll Fri 2007-01-12 9:27:42 … 6 054 400 5,77 M iernonce.dll Mon 2007-01-08 19:02:04 A… 44 544 43,50 K iertutil.dll Mon 2007-01-08 19:02:04 A… 266 752 260,50 K jsproxy.dll Fri 2007-01-12 9:27:42 A… 27 136 26,50 K msfeeds.dll Fri 2007-01-12 9:27:42 … 458 752 448,00 K msfeed~1.dll Fri 2007-01-12 9:27:42 … 51 712 50,50 K mshtml.dll Fri 2007-01-12 9:27:42 A… 3 580 416 3,41 M mshtmled.dll Fri 2007-01-12 9:27:42 A… 477 696 466,50 K msrating.dll Mon 2007-01-08 19:03:02 A… 193 024 188,50 K mstime.dll Fri 2007-01-12 9:27:42 A… 670 720 655,00 K occache.dll Mon 2007-01-08 19:04:08 A… 102 400 100,00 K shell32.dll Tue 2006-12-19 22:51:04 A… 8 482 304 8,09 M shsvcs.dll Tue 2006-12-19 22:51:04 A… 135 168 132,00 K url.dll Mon 2007-01-08 19:04:54 A… 105 984 103,50 K urlmon.dll Fri 2007-01-12 9:27:42 A… 1 149 952 1,09 M webcheck.dll Fri 2007-01-12 9:27:42 A… 232 960 227,50 K wiaservc.dll Tue 2006-12-19 19:18:26 A… 334 336 326,50 K wininet.dll Fri 2007-01-12 9:27:42 A… 822 784 803,50 K 29 items found: 29 files, 0 directories. Total of file sizes: 24 950 292 bytes 23,79 M Locate .tmp files: C:\WINDOWS\SYSTEM32\ mcrh.tmp Wed 2007-03-14 12:39:44 A… 143 0,14 K 1 item found: 1 file, 0 directories. Total of file sizes: 143 bytes 0,14 K ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: E0E0-A9D1 Katalog: C:\WINDOWS\System32 2007-03-14 18:53 836 ivuocejq.ini 2007-03-01 20:13 1˙260˙844 svwelfev.ini 2007-02-18 19:22 2007-02-08 17:58 706 ptclqrat.ini 2005-05-20 20:39 3 plik(˘w) 1˙262˙386 bajt˘w 2 katalog(˘w) 3˙087˙724˙544 bajt˘w wolnych

Nie wiem czy o ten log chodziło

Złączono Posta : 15.03.2007 (Czw) 13:28

ComboScan v20070306.20 run by JAREK on 2007-03-15 at 13:24:07 Computer is in Normal Mode. -------------------------------------------------------------------------------- – HijackThis (run as JAREK.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 13:24:50, on 2007-03-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\SLEE81.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Neostrada TP\taskbaricon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\Rundll32.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\OpenOffice.org1.1.0\program\soffice.exe C:\Program Files\Neostrada TP\NeostradaTP.exe C:\Program Files\Neostrada TP\ComComp.exe C:\Program Files\Neostrada TP\Watch.exe C:\Program Files\Techland\TKA2\TKAng.exe D:\sciagane\DIAGNOSTYKA\comboscan.exe C:\PROGRA~1\HIJACK~1\JAREK.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM…\Run: [autoclk] autoclk.exe O4 - HKLM…\Run: [adiras] adiras.exe O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM…\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [Odkurzacz-MCD] F:\Odkurzacz 10.1 Pro\odk_mcd.exe O4 - HKLM…\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide O4 - HKLM…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM…\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM…\Run: [CafeNews] C:\Program Files\Press-Service\CafeNews\CN.exe /autostart O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe” O4 - HKLM…\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe” O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized O4 - HKCU…\Run: [bitTorrent] “C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized O4 - HKCU…\Run: [Gadu-Gadu] “C:\Program Files\Gadu-Gadu\gg.exe” /tray O4 - Startup: OpenOffice.org 1.1.0.lnk = C:\Program Files\OpenOffice.org1.1.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O8 - Extra context menu item: Subskrybuj w Cafe News - C:\Program Files\Press-Service\CafeNews\addFeed.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O17 - HKLM\System\CCS\Services\Tcpip…{D5921F1F-DD34-4EA0-9479-1F1927C7BE30}: NameServer = 194.204.159.1 217.98.63.164 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Steganos Live Encryption Engine 8.1 [service] (SLEE_81_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE81.exe – Files created between 2007-02-15 and 2007-03-15 ----------------------------- 2007-03-15 00:10:03 0 d-------- C:\Program Files\jv16 PowerTools 2007-03-14 23:27:40 126976 --a------ C:\WINDOWS\system32\zip.exe 2007-03-14 23:27:40 175616 --a------ C:\WINDOWS\system32\strings.exe 2007-03-14 23:27:40 16384 --a------ C:\WINDOWS\system32\restart.exe 2007-03-14 23:27:40 73728 --a------ C:\WINDOWS\system32\pv.exe 2007-03-14 23:27:40 39184 --a------ C:\WINDOWS\system32\Ntrights.exe 2007-03-14 23:27:40 11254 --a------ C:\WINDOWS\system32\locate.com 2007-03-14 19:18:23 132116 -----n— C:\WINDOWS\system32\bfqthofd.dll 2007-03-05 18:38:04 0 d-------- C:!KillBox 2007-03-05 18:35:53 0 d-------- C:\Pocket Killbox 2007-03-03 16:23:09 0 d-------- C:\Program Files\Soulseek 2007-03-03 16:12:50 0 d-------- C:\Program Files\MegauploadToolbar 2007-02-25 19:20:37 0 d-------- C:\EVEREST Home Edition 2007-02-25 19:07:35 0 d-------- C:\AIDA32 - Enterprise System Information 2007-02-18 19:21:16 0 d-------- C:\WINDOWS\ie7updates – Find3M Report --------------------------------------------------------------- 2007-03-15 13:04:27 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\Skype 2007-03-15 13:04:21 0 d-------- C:\Program Files\Neostrada TP 2007-03-15 13:03:05 0 d-------- C:\Program Files\OpenOffice.org1.1.0 2007-03-14 13:06:26 351676 --a------ C:\WINDOWS\system32\perfh015.dat 2007-03-14 13:06:26 47672 --a------ C:\WINDOWS\system32\perfc015.dat 2007-03-14 11:15:28 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\BitTorrent 2007-03-12 18:38:18 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\MegauploadToolbar 2007-03-07 23:04:33 0 d-------- C:\Program Files\Winamp 2007-03-05 18:05:05 4077 --a------ C:\WINDOWS\unins000.dat 2007-03-05 14:22:49 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\F-Secure 2007-03-05 14:12:44 0 d-------- C:\Program Files\Java 2007-03-03 14:27:30 0 d-------- C:\Program Files\eMule 2007-02-13 19:28:20 0 d-------- C:\Program Files\Gadu-Gadu 2007-02-11 18:34:16 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\Vso 2007-02-11 18:34:06 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2007-02-11 17:49:48 34 --a------ C:\Documents and Settings\JAREK\Dane aplikacji\pcouffin.log 2007-02-11 17:49:41 87608 --a------ C:\Documents and Settings\JAREK\Dane aplikacji\ezpinst.exe 2007-02-11 17:49:40 47360 --a------ C:\Documents and Settings\JAREK\Dane aplikacji\pcouffin.sys 2007-02-11 17:49:40 1144 --a------ C:\Documents and Settings\JAREK\Dane aplikacji\pcouffin.inf 2007-02-11 17:49:40 7824 --a------ C:\Documents and Settings\JAREK\Dane aplikacji\pcouffin.cat 2007-02-11 17:49:36 0 d-------- C:\Program Files\vso 2007-02-08 16:24:04 0 d-------- C:\Program Files\Yahoo! 2007-01-29 21:27:24 0 d-------- C:\Program Files\Dziobas Rar Player 2007-01-29 09:58:06 60416 -----n— C:\WINDOWS\system32\tzchange.exe 2007-01-28 14:38:14 0 d-------- C:\Program Files\DivX 2007-01-28 14:36:52 0 d-------- C:\Program Files\XviD 2007-01-28 14:36:39 0 d-------- C:\Program Files\ffdshow 2007-01-28 14:36:17 0 d-------- C:\Program Files\AVIcodec 2007-01-27 10:15:16 0 d-------- C:\Program Files\Lavasoft 2007-01-27 10:14:47 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\Lavasoft 2007-01-26 18:09:10 0 d-------- C:\Documents and Settings\JAREK\Dane aplikacji\AdobeUM 2007-01-26 18:09:04 0 d-------- C:\Program Files\Common Files\Adobe 2007-01-21 21:55:19 0 d-------- C:\Program Files\Windows Media Connect 2 2007-01-21 19:56:55 0 d-------- C:\Program Files\Techland 2007-01-21 16:16:26 0 d-------- C:\Program Files\BitTorrent 2007-01-15 18:32:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe 2007-01-15 18:23:20 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr 2007-01-12 09:27:42 232960 --a------ C:\WINDOWS\system32\webcheck.dll 2007-01-12 09:27:42 51712 -----n— C:\WINDOWS\system32\msfeedsbs.dll 2007-01-12 09:27:42 458752 -----n— C:\WINDOWS\system32\msfeeds.dll 2007-01-12 09:27:42 6054400 -----n— C:\WINDOWS\system32\ieframe.dll 2007-01-09 18:46:02 10752 --a------ C:\WINDOWS\system32\ff_vfw.dll 2007-01-08 19:04:54 105984 --a------ C:\WINDOWS\system32\url.dll 2007-01-08 19:04:08 102400 --a------ C:\WINDOWS\system32\occache.dll 2007-01-08 19:02:04 266752 --a------ C:\WINDOWS\system32\iertutil.dll 2007-01-08 19:02:04 44544 --a------ C:\WINDOWS\system32\iernonce.dll 2007-01-08 19:02:02 384000 --a------ C:\WINDOWS\system32\iedkcs32.dll 2007-01-08 19:02:02 383488 -----n— C:\WINDOWS\system32\ieapfltr.dll 2007-01-08 19:02:02 161792 --a------ C:\WINDOWS\system32\ieakui.dll 2007-01-08 19:02:02 230400 --a------ C:\WINDOWS\system32\ieaksie.dll 2007-01-08 19:02:02 153088 --a------ C:\WINDOWS\system32\ieakeng.dll 2007-01-08 19:01:14 17408 --a------ C:\WINDOWS\system32\corpol.dll 2007-01-08 19:00:48 124928 --a------ C:\WINDOWS\system32\advpack.dll 2007-01-08 18:08:14 56832 --a------ C:\WINDOWS\system32\ie4uinit.exe 2007-01-08 18:08:10 13824 --a------ C:\WINDOWS\system32\ieudinit.exe 2006-12-19 22:51:04 135168 --a------ C:\WINDOWS\system32\shsvcs.dll 2006-12-19 19:18:25 334336 --a------ C:\WINDOWS\system32\wiaservc.dll – Registry Dump --------------------------------------------------------------- [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” “MSMSGS”="“C:\Program Files\Messenger\msmsgs.exe” /background" “Skype”="“C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized" “BitTorrent”="“C:\Program Files\BitTorrent\bittorrent.exe” --force_start_minimized" “Gadu-Gadu”="“C:\Program Files\Gadu-Gadu\gg.exe” /tray" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] “SoundMan”=“SOUNDMAN.EXE” “KernelFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\ 65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00 “UserFaultCheck”=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\ 6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00 “PCSuiteTrayApplication”=“C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray” “DataLayer”=“C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” “WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” “autoclk”=“autoclk.exe” “adiras”=“adiras.exe” “WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” “WOOTASKBARICON”=“C:\Program Files\Neostrada TP\taskbaricon.exe” “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” “Odkurzacz-MCD”=“F:\Odkurzacz 10.1 Pro\odk_mcd.exe” “Windows Defender”="“C:\Program Files\Windows Defender\MSASCui.exe” -hide" “Cmaudio”=“RunDll32 cmicnfg.cpl,CMICtrlWnd” “P17Helper”=“Rundll32 P17.dll,P17Helper” “CafeNews”=“C:\Program Files\Press-Service\CafeNews\CN.exe /autostart” “SunJavaUpdateSched”="“C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe”" “Adobe Photo Downloader”="“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe”" [HKEY_USERS.default\software\microsoft\windows\currentversion\runonce] “SSSSE7”="“C:\Program Files\Steganos Security Suite 7 SE\sssse7.exe” -firstboot" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce] “SSSSE7”="“C:\Program Files\Steganos Security Suite 7 SE\sssse7.exe” -firstboot" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk] “path”=“C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk” “backup”=“C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup” “location”=“Common Startup” “command”=“C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE " “item”=“Adobe Reader Speed Launch” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JAREK^Menu Start^Programy^Autostart^OpenOffice.org 1.1.0.lnk] “path”=“C:\Documents and Settings\JAREK\Menu Start\Programy\Autostart\OpenOffice.org 1.1.0.lnk” “backup”=“C:\WINDOWS\pss\OpenOffice.org 1.1.0.lnkStartup” “location”=“Startup” “command”=“C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE " “item”=“OpenOffice.org 1.1.0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^JAREK^Menu Start^Programy^Autostart^Rejestrowanie produktów Corela.lnk] “path”=“C:\Documents and Settings\JAREK\Menu Start\Programy\Autostart\Rejestrowanie produktów Corela.lnk” “backup”=“C:\WINDOWS\pss\Rejestrowanie produktów Corela.lnkStartup” “location”=“Startup” “command”=“E:\Corel\GRAPHI~1\Register\Remind32.exe " “item”=“Rejestrowanie produktów Corela” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hpotdd01” “hkey”=“HKLM” “command”=“C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“HPWuSchd” “hkey”=“HKLM” “command”=“C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“hpztsb08” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“msmsgs” “hkey”=“HKCU” “command”=”“C:\Program Files\Messenger\msmsgs.exe” /background” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“NeroCheck” “hkey”=“HKLM” “command”=“C:\WINDOWS\system32\NeroCheck.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“Dragdiag” “hkey”=“HKLM” “command”=”“C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe” /icon" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSSSE7] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“SSSSE7” “hkey”=“HKCU” “command”="“C:\Program Files\Steganos Security Suite 7 SE\SSSSE7.exe” -boot" “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“jusched” “hkey”=“HKLM” “command”=“C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON] “key”=“SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “item”=“TaskbarIcon” “hkey”=“HKLM” “command”=“C:\PROGRA~1\Wanadoo\TaskbarIcon.exe” “inimapping”=“0” [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] “{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}”=“Microsoft AntiMalware ShellExecuteHook” “{EF7C999D-43DD-43C3-A25B-2DB1A881664A}”="" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] “WPDShServiceObj”="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKEY_USERS.default\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] “SecurityProviders”=“msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll” [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 – End of ComboScan: finished at 2007-03-15 at 13:25:12 ------------------------

adam9870 · 15 Marzec 2007 12:54

Ściągasz program KillBox, zaznaczasz Delete on reboot , w polu full path of file wklej ścieżki:

C:\WINDOWS\SYSTEM32\bfqthofd.dll

C:\WINDOWS\SYSTEM32\mcrh.tmp

C:\WINDOWS\System32\ivuocejq.ini

C:\WINDOWS\System32\svwelfev.ini

C:\WINDOWS\System32\ptclqrat.ini

Po wklejeniu każdej ścieżki z osobna klikasz na czerwonego iksa, ale dopiero po wklejeniu ostatniej zgadzasz się na restart.

Po wykonaniu pokaz nowy log z l2mfix.

jaren8 · 15 Marzec 2007 13:25

L2MFIX find log 051206 These are the registry keys present ********************************************************************************** Winlogon/notify: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\ 6c,00,00,00 “Logoff”=“ChainWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] “Asynchronous”=dword:00000000 “Impersonate”=dword:00000000 “DllName”=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Logoff”=“CryptnetWlxLogoffEvent” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] “DLLName”=“cscdll.dll” “Logon”=“WinlogonLogonEvent” “Logoff”=“WinlogonLogoffEvent” “ScreenSaver”=“WinlogonScreenSaverEvent” “Startup”=“WinlogonStartupEvent” “Shutdown”=“WinlogonShutdownEvent” “StartShell”=“WinlogonStartShellEvent” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] “DLLName”=“wlnotify.dll” “Logon”=“SCardStartCertProp” “Logoff”=“SCardStopCertProp” “Lock”=“SCardSuspendCertProp” “Unlock”=“SCardResumeCertProp” “Enabled”=dword:00000001 “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “StartShell”=“SchedStartShell” “Logoff”=“SchedEventLogOff” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] “Logoff”=“WLEventLogoff” “Impersonate”=dword:00000000 “Asynchronous”=dword:00000001 “DllName”=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] “DLLName”=“WlNotify.dll” “Lock”=“SensLockEvent” “Logon”=“SensLogonEvent” “Logoff”=“SensLogoffEvent” “Safe”=dword:00000001 “MaxWait”=dword:00000258 “StartScreenSaver”=“SensStartScreenSaverEvent” “StopScreenSaver”=“SensStopScreenSaverEvent” “Startup”=“SensStartupEvent” “Shutdown”=“SensShutdownEvent” “StartShell”=“SensStartShellEvent” “PostShell”=“SensPostShellEvent” “Disconnect”=“SensDisconnectEvent” “Reconnect”=“SensReconnectEvent” “Unlock”=“SensUnlockEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] “Asynchronous”=dword:00000000 “DllName”=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Impersonate”=dword:00000000 “Logoff”=“TSEventLogoff” “Logon”=“TSEventLogon” “PostShell”=“TSEventPostShell” “Shutdown”=“TSEventShutdown” “StartShell”=“TSEventStartShell” “Startup”=“TSEventStartup” “MaxWait”=dword:00000258 “Reconnect”=“TSEventReconnect” “Disconnect”=“TSEventDisconnect” [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] “Logon”=“WLEventLogon” “Logoff”=“WLEventLogoff” “Startup”=“WLEventStartup” “Shutdown”=“WLEventShutdown” “StartScreenSaver”=“WLEventStartScreenSaver” “StopScreenSaver”=“WLEventStopScreenSaver” “Lock”=“WLEventLock” “Unlock”=“WLEventUnlock” “StartShell”=“WLEventStartShell” “PostShell”=“WLEventPostShell” “Disconnect”=“WLEventDisconnect” “Reconnect”=“WLEventReconnect” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000000 “SafeMode”=dword:00000001 “MaxWait”=dword:ffffffff “DllName”=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\ 6c,00,6c,00,00,00 “Event”=dword:00000000 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings] “Data”=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,\ 00,00,3b,36,8b,27,26,97,e0,41,95,b5,3a,ea,b2,0c,c0,ef,04,00,00,00,04,00,00,\ 00,53,00,00,00,03,66,00,00,a8,00,00,00,10,00,00,00,16,54,66,92,1f,26,b7,fa,\ 46,03,60,fd,bd,94,26,1c,00,00,00,00,04,80,00,00,a0,00,00,00,10,00,00,00,5c,\ 96,b1,53,b4,db,b6,36,f9,2a,62,33,d6,72,8f,46,b0,01,00,00,0a,60,12,d9,79,95,\ d6,9a,e5,b1,89,cb,98,18,ba,9a,87,bb,e3,4d,c1,83,e9,c0,7a,ec,d8,43,67,19,80,\ 15,86,4a,61,df,b7,91,20,a6,a8,cf,87,c4,e2,9f,ea,c9,34,88,f1,3a,14,b5,8c,45,\ 2d,c9,a9,d5,d9,f0,2b,b7,97,fd,d9,75,c7,0e,bd,79,c5,47,3e,04,c4,eb,47,f3,c2,\ 98,e8,74,12,17,9a,2f,6d,0d,1e,9b,62,93,e5,d1,d3,25,eb,50,6b,d5,62,d2,3e,72,\ 3d,02,15,0b,cd,04,ce,ed,16,2d,a2,36,1c,6d,3d,08,7d,6b,5a,68,62,d3,b1,64,89,\ 19,20,87,ab,c8,e2,05,71,4d,91,70,9d,55,04,4b,e6,af,1e,62,b4,1e,10,64,24,f2,\ f2,19,e3,70,d2,fe,5a,1c,98,39,d3,f9,69,ef,7f,93,be,2b,fc,03,8c,9f,c4,e7,45,\ ca,02,d3,e6,e2,5d,d4,f6,3a,92,5d,bc,83,a6,6d,21,a4,1e,58,a6,a3,fc,19,49,7c,\ db,95,66,da,25,8c,9e,0f,90,e5,eb,a6,42,fb,54,c6,69,db,c5,e9,35,47,96,9e,41,\ fb,9f,20,cf,28,ae,b4,50,4a,f2,02,3b,93,c7,f6,ba,f4,dc,36,92,a3,62,fd,b1,bd,\ c6,4d,ca,49,b7,98,d3,46,72,77,54,30,cf,9e,bb,95,a0,e4,dd,65,ca,f1,1f,7c,c2,\ 59,50,c7,f8,d0,13,0f,41,e6,2e,a6,19,1a,f1,e0,dc,56,f3,ee,81,cf,dd,32,fe,57,\ 5f,f6,98,8b,d8,12,14,1c,d2,0e,40,cc,22,5f,c2,df,43,e3,fb,0e,9d,6e,cd,62,21,\ f3,96,28,ce,85,83,5f,1b,4c,1d,46,da,7b,e9,1f,9f,2c,75,22,71,59,69,4d,a4,fb,\ eb,a0,c9,39,b0,56,cb,a4,f9,f4,f2,04,e8,cf,56,a1,6c,ff,4e,00,7e,86,58,d1,50,\ a4,61,b7,e8,a9,a4,94,c2,af,15,8f,a8,3a,e2,93,69,35,d4,8f,00,f2,fb,3f,a5,34,\ 2d,69,75,81,3e,78,45,b3,b5,38,f5,56,e7,a7,49,a4,10,c9,b1,e4,c2,cf,b1,45,e5,\ 31,14,00,00,00,86,0e,93,b4,9f,00,3e,97,0d,0a,79,d1,c6,7e,5e,75,67,d5,8f,97 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] “DLLName”=“wlnotify.dll” “Logon”=“RegisterTicketExpiredNotificationEvent” “Logoff”=“UnregisterTicketExpiredNotificationEvent” “Impersonate”=dword:00000001 “Asynchronous”=dword:00000001 ********************************************************************************** useragent: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] ********************************************************************************** Shell Extension key: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] “{00022613-0000-0000-C000-000000000046}”=“Karta waciwoci pliku multimedialnego” “{176d6597-26d3-11d1-b350-080036a75b03}”=“ZarzĄdzanie skanerem ICM” “{1F2E5C40-9550-11CE-99D2-00AA006E086C}”=“Strona zabezpieczeä NTFS” “{3EA48300-8CF6-101B-84FB-666CCB9BCD32}”=“Strona waciwoci OLE Docfile” “{40dd6e20-7c17-11ce-a804-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{41E300E0-78B6-11ce-849B-444553540000}”=“PlusPack CPL Extension” “{42071712-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL karty graficznej” “{42071713-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL monitora wywietlania” “{42071714-76d4-11d1-8b24-00a0c9068ff3}”=“Rozszerzenie CPL kadrowania wywietlania” “{4E40F770-369C-11d0-8922-00A024AB2DBB}”=“Strona zabezpieczeä usugi DS” “{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}”=“Strona zgodnoci” “{56117100-C0CD-101B-81E2-00AA004AE837}”=“Program obsugi danych wycinkowych powoki” “{59099400-57FF-11CE-BD94-0020AF85B590}”=“Rozszerzenie Disc Copy” “{59be4990-f85c-11ce-aff7-00aa003ca9f6}”=“Rozszerzenia powoki dla obiekt˘w Microsoft Windows Network” “{5DB2625A-54DF-11D0-B6C4-0800091AA605}”=“ZarzĄdzanie monitorem ICM” “{675F097E-4C4D-11D0-B6C1-0800091AA605}”=“ZarzĄdzanie drukarkĄ ICM” “{764BF0E1-F219-11ce-972D-00AA00A14F56}”=“Rozszerzenia powoki dla kompresji plik˘w” “{77597368-7b15-11d0-a0c2-080036af3f03}”=“Rozszerzenie powoki drukarek sieci Web” “{7988B573-EC89-11cf-9C00-00AA00A14F56}”=“Disk Quota UI” “{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}”=“Menu kontekstowe szyfrowania” “{85BBD920-42A0-1069-A2E4-08002B30309D}”=“Akt˘wka” “{88895560-9AA2-1069-930E-00AA0030EBC8}”=“Rozszerzenie ikony HyperTerminalu” “{BD84B380-8CA2-1069-AB1D-08000948F534}”=“Fonts” “{DBCE2480-C732-101B-BE72-BA78E9AD5B27}”=“Profil ICC” “{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}”=“Strona zabezpieczeä drukarek” “{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}”=“Rozszerzenia powoki dla udost©pniania zasob˘w” “{f92e8c40-3d33-11d2-b1aa-080036a75b03}”=“Display TroubleShoot CPL Extension” “{7444C717-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto PKO” “{7444C719-39BF-11D1-8CD9-00C04FC29D45}”=“Rozszerzenie Crypto Sign” “{7007ACC7-3202-11D1-AAD2-00805FC1270E}”=“PoĄczenia sieciowe” “{992CFFA0-F557-101A-88EC-00DD010CCC48}”=“PoĄczenia sieciowe” “{E211B736-43FD-11D1-9EFB-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}”="&Skanery i aparaty fotograficzne" “{905667aa-acd6-11d2-8080-00805f6596d2}”="&Skanery i aparaty fotograficzne" “{3F953603-1008-4f6e-A73A-04AAC7A992F1}”="&Skanery i aparaty fotograficzne" “{83bbcbf3-b28a-4919-a5aa-73027445d672}”="&Skanery i aparaty fotograficzne" “{F0152790-D56E-4445-850E-4F3117DB740C}”=“Remote Sessions CPL Extension” “{5F327514-6C5E-4d60-8F16-D07FA08A78ED}”=“Auto Update Property Sheet Extension” “{60254CA5-953B-11CF-8C96-00AA00B8708C}”=“Rozszerzenia powoki dla hosta skrypt˘w systemu Windows” “{2206CDB2-19C1-11D1-89E0-00C04FD7A829}”=“Microsoft Data Link” “{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Icon Handler” “{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}”=“Tasks Folder Shell Extension” “{D6277990-4C6A-11CF-8D87-00AA0060F5BF}”=“Zaplanowane zadania” “{0DF44EAA-FF21-4412-828E-260A8728E7F1}”=“Pasek zadaä i menu Start” “{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}”=“Wyszukaj” “{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}”=“Pomoc i obsuga techniczna” “{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}”=“Uruchom…” “{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}”=“Internet” “{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}”=“E-mail” “{D20EA4E1-3957-11d2-A40B-0C5020524152}”=“Czcionki” “{D20EA4E1-3957-11d2-A40B-0C5020524153}”=“Narz©dzia administracyjne” “{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}”=“Audio Media Properties Handler” “{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}”=“Video Media Properties Handler” “{E4B29F9D-D390-480b-92FD-7DDB47101D71}”=“Wav Properties Handler” “{87D62D94-71B3-4b9a-9489-5FE6850DC73E}”=“Avi Properties Handler” “{A6FD9E45-6E44-43f9-8644-08598F5A74D9}”=“Midi Properties Handler” “{c5a40261-cd64-4ccf-84cb-c394da41d590}”=“Video Thumbnail Extractor” “{5E6AB780-7743-11CF-A12B-00AA004AE837}”=“Pasek narz©dzi programu Microsoft Internet” “{22BF0C20-6DA7-11D0-B373-00A0C9034938}”=“Stan pobierania” “{91EA3F8B-C99B-11d0-9815-00C04FD91972}”=“Folder powoki zwi©kszonej” “{6413BA2C-B461-11d1-A18A-080036B11A03}”=“Folder powoki zwi©kszonej 2” “{F61FFEC1-754F-11d0-80CA-00AA005B4383}”=“BandProxy” “{7BA4C742-9E81-11CF-99D3-00AA004AE837}”=“Pasek przeglĄdarki Microsoft” “{30D02401-6A81-11d0-8274-00C04FD5AE38}”=“IE Search Band” “{32683183-48a0-441b-a342-7c2a440a9478}”=“Pasek multimedi˘w” “{169A0691-8DF9-11d1-A1C4-00C04FD75D13}”=“Wyszukiwanie w okienku” “{07798131-AF23-11d1-9111-00A0C98BA67D}”=“Wyszukiwanie w sieci Web” “{AF4F6510-F982-11d0-8595-00AA004CD6D8}”=“Narz©dzie opcji drzewa rejestru” “{01E04581-4EEE-11d0-BFE9-00AA005B4383}”="&Adres" “{A08C11D2-A228-11d0-825B-00AA005B4383}”=“Pole edycji adresu” “{00BB2763-6A77-11D0-A535-00C04FD7D062}”=“Autouzupenianie Microsoft” “{7376D660-C583-11d0-A3A5-00C04FD706EC}”=“Wyodr©bnianie obraz˘w Trident” “{6756A641-DE71-11d0-831B-00AA005B4383}”=“Lista autouzupeniania MRU” “{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}”=“Niestandardowa lista autouzupeniania MRU” “{7e653215-fa25-46bd-a339-34a2790f3cb7}”=“Dost©pny” “{acf35015-526e-4230-9596-becbe19f0ac9}”=“Pasek podr©czny ledzenia” “{E0E11A09-5CB8-4B6C-8332-E00720A168F2}”=“Analizator paska adresu” “{00BB2764-6A77-11D0-A535-00C04FD7D062}”=“Lista autouzupeniania historii Microsoft” “{03C036F1-A186-11D0-824A-00AA005B4383}”=“Lista autouzupeniania folderu powoki Microsoft” “{00BB2765-6A77-11D0-A535-00C04FD7D062}”=“Kontener wielu list autouzupeniania Microsoft” “{ECD4FC4E-521C-11D0-B792-00A0C90312E1}”=“Menu witryny paska powoki” “{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}”=“Shell DeskBarApp” “{ECD4FC4C-521C-11D0-B792-00A0C90312E1}”=“Pasek pulpitu powoki” “{ECD4FC4D-521C-11D0-B792-00A0C90312E1}”=“Shell Rebar BandSite” “{DD313E04-FEFF-11d1-8ECD-0000F87A470C}”=“Pomoc dla uľytkownika” “{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}”=“Globalne ustawienia folder˘w” “{EFA24E61-B078-11d0-89E4-00C04FC9E26E}”=“Favorites Band” “{0A89A860-D7B1-11CE-8350-444553540000}”=“Shell Automation Inproc Service” “{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}”=“Shell DocObject Viewer” “{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}”=“Microsoft Browser Architecture” “{FBF23B40-E3F0-101B-8488-00AA003E56F8}”=“InternetShortcut” “{3C374A40-BAE4-11CF-BF7D-00AA006946EE}”=“Microsoft Url History Service” “{FF393560-C2A7-11CF-BFF4-444553540000}”=“History” “{7BD29E00-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{7BD29E01-76C1-11CF-9DD0-00A0C9034933}”=“Temporary Internet Files” “{CFBFAE00-17A6-11D0-99CB-00C04FD64497}”=“Microsoft Url Search Hook” “{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}”=“Ekran powitalny pakietu IE4” “{67EA19A0-CCEF-11d0-8024-00C04FD75D13}”=“CDF Extension Copy Hook” “{131A6951-7F78-11D0-A979-00C04FD705A2}”=“ISFBand OC” “{9461b922-3c5a-11d2-bf8b-00c04fb93661}”=“Search Assistant OC” “{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}”=“The Internet” “{871C5380-42A0-1069-A2EA-08002B30309D}”=“Internet Name Space” “{EFA24E64-B078-11d0-89E4-00C04FC9E26E}”=“Pasek eksploratora” “{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}”=“Sendmail service” “{88C6C381-2E85-11D0-94DE-444553540000}”=“ActiveX Cache Folder” “{E6FB5E20-DE35-11CF-9C87-00AA005127ED}”=“WebCheck” “{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}”=“Subscription Mgr” “{F5175861-2688-11d0-9C5E-00AA00A45957}”=“Subscription Folder” “{08165EA0-E946-11CF-9C87-00AA005127ED}”=“WebCheckWebCrawler” “{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}”=“WebCheckChannelAgent” “{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}”=“TrayAgent” “{7D559C10-9FE9-11d0-93F7-00AA0059CE02}”=“Code Download Agent” “{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}”=“ConnectionAgent” “{D8BD2030-6FC9-11D0-864F-00AA006809D9}”=“PostAgent” “{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}”=“WebCheck SyncMgr Handler” “{352EC2B7-8B9A-11D1-B8AE-006008059382}”=“Menedľer aplikacji powoki” “{0B124F8F-91F0-11D1-B8B5-006008059382}”=“Wyliczanie zainstalowanych aplikacji” “{CFCCC7A0-A282-11D1-9082-006008059382}”=“Publikator aplikacji Darwin” “{e84fda7c-1d6a-45f6-b725-cb260c236066}”=“Shell Image Verbs” “{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}”=“Shell Image Data Factory” “{3F30C968-480A-4C6C-862D-EFC0897BB84B}”=“GDI+program wyodr©bniajĄcy miniatury plik˘w” “{9DBD2C50-62AD-11d0-B806-00C04FD706EC}”=“Informacje podsumowujĄce obsugi miniatur (DOCFILES)” “{EAB841A0-9550-11cf-8C16-00805F1408F3}”=“Wyodr©bnianie miniatur HTML” “{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}”=“Shell Image Property Handler” “{CC6EEFFB-43F6-46c5-9619-51D571967F7D}”=“Kreator publikacji w sieci Web” “{add36aa8-751a-4579-a266-d66f5202ccbb}”=“Zamawianie odbitek w sieci Web” “{6b33163c-76a5-4b6c-bf21-45de9cd503a1}”=“Obiekt powoki kreatora publikacji” “{58f1f272-9240-4f51-b6d4-fd63d1618591}”=“Kreator uzyskiwania profilu usugi Passport” “{7A9D77BD-5403-11d2-8785-2E0420524153}”=“Konta uľytkownik˘w” “{BD472F60-27FA-11cf-B8B4-444553540000}”=“Compressed (zipped) Folder Right Drag Handler” “{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}”=“Compressed (zipped) Folder SendTo Target” “{63da6ec0-2e98-11cf-8d82-444553540000}”=“FTP Folders Webview” “{883373C3-BF89-11D1-BE35-080036B11A03}”=“Microsoft DocProp Shell Ext” “{A9CF0EAE-901A-4739-A481-E35B73E47F6D}”=“Microsoft DocProp Inplace Edit Box Control” “{8EE97210-FD1F-4B19-91DA-67914005F020}”=“Microsoft DocProp Inplace ML Edit Box Control” “{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}”=“Microsoft DocProp Inplace Droplist Combo Control” “{6A205B57-2567-4A2C-B881-F787FAB579A3}”=“Microsoft DocProp Inplace Calendar Control” “{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}”=“Microsoft DocProp Inplace Time Control” “{8A23E65E-31C2-11d0-891C-00A024AB2DBB}”=“Directory Query UI” “{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}”=“Shell properties for a DS object” “{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}”=“Directory Object Find” “{F020E586-5264-11d1-A532-0000F8757D7E}”=“Directory Start/Search Find” “{0D45D530-764B-11d0-A1CA-00AA00C16E65}”=“Directory Property UI” “{62AE1F9A-126A-11D0-A14B-0800361B1103}”=“Directory Context Menu Verbs” “{ECF03A33-103D-11d2-854D-006008059367}”=“MyDocs Copy Hook” “{ECF03A32-103D-11d2-854D-006008059367}”=“MyDocs Drop Target” “{4a7ded0a-ad25-11d0-98a8-0800361b1103}”=“MyDocs Properties” “{750fdf0e-2a26-11d1-a3ea-080036587f03}”=“Offline Files Menu” “{10CFC467-4392-11d2-8DB4-00C04FA31A66}”=“Offline Files Folder Options” “{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}”=“Folder plik˘w trybu offline” “{143A62C8-C33B-11D1-84FE-00C04FA34A14}”=“Microsoft Agent Character Property Sheet Handler” “{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}”=“DfsShell” “{60fd46de-f830-4894-a628-6fa81bc0190d}”="%DESC_PublishDropTarget%" “{7A80E4A8-8005-11D2-BCF8-00C04F72C717}”=“MMC Icon Handler” “{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}”=".CAB file viewer" “{32714800-2E5F-11d0-8B85-00AA0044F941}”="&Do os˘b…" “{8DD448E6-C188-4aed-AF92-44956194EB1F}”=“Windows Media Player Burn Audio CD Context Menu Handler” “{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}”=“Windows Media Player Play as Playlist Context Menu Handler” “{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}”=“Windows Media Player Add to Playlist Context Menu Handler” “{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}”=“Set Program Access and Defaults” “{596AB062-B4D2-4215-9F74-E9109B0A8153}”=“Previous Versions Property Page” “{9DB7A13C-F208-4981-8353-73CC61AE2783}”=“Previous Versions” “{692F0339-CBAA-47e6-B5B5-3B84DB604E87}”=“Extensions Manager Folder” “{32020A01-506E-484D-A2A8-BE3CF17601C3}”=“AlcoholShellEx” “{C169E5F0-E2B3-41F3-B81A-7BA529CBE193}”=“ZipGenius Shell Extension” “{2E5AC2E0-406D-11D4-86B3-FA5861508E25}”=“ZipGenius Zip InfoTip” “{310A0C95-EA11-42AE-A8E4-53E69E650310}”=“ZipGenius Zip Drop handler” “{FE8D01BF-610A-4261-9C6E-32D65A42C907}”=“ZipGenius Drag and Drop handler” “{00000000-5736-4205-0100-1967b1b2ce60}”=“Steganos Security Suite 7 Special Edition” “{63542C48-9552-494A-84F7-73AA6A7C99C1}”=“OpenOffice Property Sheet Handler” “{40950107-FEA6-4d53-A65F-B2DCBA57DD58}”=“Nokia Phone Browser” “{FBFE7864-D495-41f0-B7DC-4BB601CC295E}”=“Contact View” “{C0C4375A-5B72-4efe-929D-3B848C3A1E91}”=“Message View” “{472083B0-C522-11CF-8763-00608CC02F24}”=“avast” “{21569614-B795-46b1-85F4-E737A8DC09AD}”=“Shell Search Band” “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”=“WinRAR shell extension” “{35786D3C-B075-49b9-88DD-029876E11C01}”=“Portable Devices” “{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}”=“Portable Devices Menu” “{640167b4-59b0-47a6-b335-a6b3c0695aea}”=“Portable Media Devices” “{07C45BB1-4A8C-4642-A1F5-237E7215FF66}”=“IE Microsoft BrowserBand” “{1C1EDB47-CE22-4bbb-B608-77B48F83C823}”=“IE Fade Task” “{205D7A97-F16D-4691-86EF-F3075DCCA57D}”=“IE Menu Desk Bar” “{3028902F-6374-48b2-8DC6-9725E775B926}”=“IE AutoComplete” “{43886CD5-6529-41c4-A707-7B3C92C05E68}”=“IE Navigation Bar” “{44C76ECD-F7FA-411c-9929-1B77BA77F524}”=“IE Menu Site” “{4B78D326-D922-44f9-AF2A-07805C2A3560}”=“IE Menu Band” “{6038EF75-ABFC-4e59-AB6F-12D397F6568D}”=“IE Microsoft History AutoComplete List” “{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}”=“IE Tracking Shell Menu” “{6CF48EF8-44CD-45d2-8832-A16EA016311B}”=“IE IShellFolderBand” “{73CFD649-CD48-4fd8-A272-2070EA56526B}”=“IE BandProxy” “{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}”=“IE MRU AutoComplete List” “{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}”=“IE RSS Feeder Folder” “{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}”=“IE Microsoft Shell Folder AutoComplete List” “{B31C5FAE-961F-415b-BAF0-E697A5178B94}”=“IE Microsoft Multiple AutoComplete List Container” “{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}”=“Microsoft Browser Architecture” “{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}”=“IE Shell Rebar BandSite” “{E6EE9AAC-F76B-4947-8260-A9F136138E11}”=“IE Shell Band Site Menu” “{F2CF5485-4E02-4f68-819C-B92DE9277049}”="&Links" “{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}”=“IE Registry Tree Options Utility” “{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}”=“IE User Assist” “{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}”=“IE Custom MRU AutoCompleted List” ********************************************************************************** HKEY ROOT CLASSIDS: ********************************************************************************** Files Found are not all bad files: C:\WINDOWS\SYSTEM32\ advpack.dll Mon 2007-01-08 19:00:48 A… 124 928 122,00 K bassmod.dll Sun 2007-02-11 18:12:46 A… 28 672 28,00 K corpol.dll Mon 2007-01-08 19:01:14 A… 17 408 17,00 K extmgr.dll Fri 2007-01-12 9:27:42 A… 132 608 129,50 K ff_vfw.dll Tue 2007-01-09 18:46:02 A… 10 752 10,50 K ieakeng.dll Mon 2007-01-08 19:02:02 A… 153 088 149,50 K ieaksie.dll Mon 2007-01-08 19:02:02 A… 230 400 225,00 K ieakui.dll Mon 2007-01-08 19:02:02 A… 161 792 158,00 K ieapfltr.dll Mon 2007-01-08 19:02:02 … 383 488 374,50 K iedkcs32.dll Mon 2007-01-08 19:02:02 A… 384 000 375,00 K ieframe.dll Fri 2007-01-12 9:27:42 … 6 054 400 5,77 M iernonce.dll Mon 2007-01-08 19:02:04 A… 44 544 43,50 K iertutil.dll Mon 2007-01-08 19:02:04 A… 266 752 260,50 K jsproxy.dll Fri 2007-01-12 9:27:42 A… 27 136 26,50 K msfeeds.dll Fri 2007-01-12 9:27:42 … 458 752 448,00 K msfeed~1.dll Fri 2007-01-12 9:27:42 … 51 712 50,50 K mshtml.dll Fri 2007-01-12 9:27:42 A… 3 580 416 3,41 M mshtmled.dll Fri 2007-01-12 9:27:42 A… 477 696 466,50 K msrating.dll Mon 2007-01-08 19:03:02 A… 193 024 188,50 K mstime.dll Fri 2007-01-12 9:27:42 A… 670 720 655,00 K occache.dll Mon 2007-01-08 19:04:08 A… 102 400 100,00 K shell32.dll Tue 2006-12-19 22:51:04 A… 8 482 304 8,09 M shsvcs.dll Tue 2006-12-19 22:51:04 A… 135 168 132,00 K url.dll Mon 2007-01-08 19:04:54 A… 105 984 103,50 K urlmon.dll Fri 2007-01-12 9:27:42 A… 1 149 952 1,09 M webcheck.dll Fri 2007-01-12 9:27:42 A… 232 960 227,50 K wiaservc.dll Tue 2006-12-19 19:18:26 A… 334 336 326,50 K wininet.dll Fri 2007-01-12 9:27:42 A… 822 784 803,50 K 28 items found: 28 files, 0 directories. Total of file sizes: 24 818 176 bytes 23,67 M Locate .tmp files: No matches found. ********************************************************************************** Directory Listing of system files: Wolumin w stacji C nie ma etykiety. Numer seryjny woluminu: E0E0-A9D1 Katalog: C:\WINDOWS\System32 2007-02-18 19:22 2005-05-20 20:39 0 plik(˘w) 0 bajt˘w 2 katalog(˘w) 3˙086˙094˙336 bajt˘w wolnych

adam9870 · 15 Marzec 2007 14:08

Już jest Ok.

jaren8 · 15 Marzec 2007 14:34

Bardzo dzięhi za pomoc Ziomal

Mam jeszcze jeden problem po starcie Win pojawia się komunikat: